Cisco Support Community

NAC OOB VIRTUAL GW 4.5.1 Questions

Hi all!

I have some questions:

- How can I check if the antivirus service is running? (Imagine that I have the AV installed but the service is stopped.)

- When the client logs on to the computer, the NAC client presents a warning like the certificate warning. Can I configure the PC to ignore this message?

- In version 4.5.1, how can I de-certify a device when the client logs off? In other words, I want to check the requirements any time the client logs on to the computer.

Thank you!!!


Re: NAC OOB VIRTUAL GW 4.5.1 Questions


1. Create a service check and then tie that to your requirement/role.

2. Is your certificate self-signed? If so, you will have to make sure that that certificate is also in the Certificate Stores on your client machines to avoid the warning message. An easier way would be to get a certificate from a third party that already has its roots in the client machines (like Verisign or GoDaddy, etc.).

3. Depends on your setup. In OOB you can't do that right now. In IB you might be able to.



Re: NAC OOB VIRTUAL GW 4.5.1 Questions

Hi Faisal!

Thanks for your answers. But:

- If I can't de-certify the device when the customer logs out, how long is the device certified by default?

- What if I need to create a rule that checks whether my customer has either of two antivirus products, like McAfee and Panda?


Re: NAC OOB VIRTUAL GW 4.5.1 Questions


You can check for more than one AV. Ensure that you have the AV rules defined, and in your requirement setup, choose both the AV rules, and select "Any rule". This way if they have either one or the other, your AV requirement will pass.

As for the other question, you can have the users from OOB setups removed from the Online Users List. Check the port profile and select the appropriate options for that. In an IB setup, you can use the heartbeat timers to log them off. In either instance, they would still remain in the Certified Device List, but would be asked for posture when they reconnect. CDLs only get cleared manually or by defining timers to clear them periodically.